The OpenCA PKI Research Labs, born from the former OpenCA Project, is an
open organization aimed to provide a framework for PKI studying and
development of related projects.
As the PKIs standards, interests and projects are growing fast, it has been
decided to split the original project into smaller ones to speed up and
reorganize efforts.
Some projects have already started and received (whenever possible) funds,
while others are finding their way to the final decisional stage.

We strongly encourage everyone to contribute to our initiatives and projects.
We welcome contributions in many forms.
Our members are those individuals who have demonstrated a commitment to
collaborative open-source software development through sustained participation
and contributions within the Foundation's projects.

The WiKi pages for our projects are up again. More work is still to be
done to recover the old content (at this moment, it is not clear if
possible at all). Thanks to all who reported the issue!

OCSPD v3.1.1 (Rodeo)

by #madwolf @ 24.03.2015

The new version (v3.1.1/Rodeo) of the OpenCA's OCSPD is available.
This release provides fixes over the previous one. Some of which are:
updated requirement for libpki - now 0.8.8, fixed generating normal
responses when crlCheckValidity is set to '0' and the CRL is outside
its validity period (previous behavior was to send a tryLater response).
Download the new version for your system in the
OCSPD download pages.

LIBPKI UPGRADE REQUIRED (OCSPD)

by #madwolf @ 24.03.2015

A new version of LibPKI (v0.8.8) is available for download. The new
version fixes important bugs that might affect the installation of
the OCSPD. Everybody is STRONGLY encouraged to upgrade the LibPKI
package to the latest available version.

LibPKI v0.8.8 (Fixer)

by #madwolf @ 24.03.2015

The new version (v0.8.8/Fixer) of LibPKI is available. Changes mostly
involve bug fixes that affected many libpki-tools.
Download the new version for your system in the
LibPKI download pages.

OCSPD v3.1.0 (Steamy)

by #madwolf @ 13.08.2014

The new version (v3.1.0/Steamy) of the OpenCA's OCSPD is available.
This release provides many new features and fixes over the previous
one. Some of which are: updated support for libpki 0.8.7, fixed HTTP
GET message handling, leverage the new PKI_MEM encoding interface,
enhanced performances (up to 8,000 signatures per second in software).
Download the new version for your system in the
OCSPD download pages.

LibPKI v0.8.7 (Grouchy)

by #madwolf @ 08.13.2014

The new version (v0.8.7/Grouchy) of LibPKI is available. Changes mostly
involve HTTP GET messages fixing, OCSP interface improvements, and memory
fixes. Download the new version for your system in the
LibPKI download pages.

Sources Available on GitHub

by #director @ 28.07.2014

We moved our sources to the public GitHub repository. This will allow better source
code availability and maintenance. We still suggest to download the packages and the
source code directly from our repositories and mirros. The repositories can be found
here.

OCSPD v3.0.0 (FreeDom)

by #madwolf @ 10.05.2014

The new version (v3.0.0/FreeDom) of the OpenCA's OCSPD is available.
Changes mostly involve updating support for LibPKI 0.8.5 which fixes
HTTP performances issues. Download the new version
for your system in the OCSPD download
pages.

LibPKI (Divorcé)

by #madwolf @ 10.05.2014

The new version (v0.8.5/Divorcé) of LibPKI is available. Changes mostly
involve HTTP messages bug fixing, X509 object signing fix, and performance
enhancing (reached 460+ signatures in software only configuration).
Download the new version for your system in the
LibPKI download pages.

OCSPD v2.4.3 (BeHappy)

by #madwolf @ 24.09.2013

The new version (v2.4.3/BeHappy) of the OpenCA's OCSPD is available.
Changes mostly involve updating support for LibPKI 0.8.1 which fixes
a URI parsing issue with HTTP GET requests. Download the new version
for your system in the
OCSPD download pages.

LibPKI v0.8.1 (BeMore)

by #madwolf @ 22.09.2013

The new version (v0.8.1/BeMore) of LibPKI is available. Changes mostly
involve bug fixing and URI parsing (fixes a bug in OpenCA OCSPD with HTTP GET requests).
Download the new version for your system in the
LibPKI download pages.

OCSPD v2.4.2 (Ocampa)

by madwolf @ 03.08.2013

A new version of the OCSPD responder is available for
download. Major improvements over the last publicly available version are:
updated support for LibPKI 0.8.0+, fixed start/stop script, fixed memory leaks,
fixed error in configuration that prevented the reloading of expired CRLs,
improved response time, fixed support for GET request types.

OpenCA PKI v1.5.0 (SpecialK)

by madwolf @ 08.08.2013

The OpenCA PKI v.1.5.1 (SpecialK) is out!
This version incorporates all the bug fixes from v1.3.0.
The changes are available in the ChangeLog link from the OpenCA downloads page.

LibPKI v0.8.0 (Sequester)

by #madwolf @ 03.08.2013

The new version (v0.8.0/Sequester) of LibPKI is available. Changes mostly
involve bug fixing.
Download the new version for your system in the
LibPKI download pages.

LibPKI v0.6.7 (Papocchio)

by #madwolf @ 17.02.2012

The new version (v0.6.7/Papocchio) of LibPKI is available. Major changes
over v0.6.5 are: fixed OCSP response initialization, added support for DNS
url for retrieving DNS records via the simple URL_* interface, added initial
support for Lightweight Internet Revocation Tokens (LIRTs)
Download the new version for your system in the
LibPKI download pages.

LibPKI v0.6.5 (Hope)

by #madwolf @ 15.02.2011

The new version (v0.6.5/Hope) of LibPKI is available. Major changes
over v0.6.4 are: fixed a key-encoding error in OpenSSL, added new pki-siginfo
tool to ease signature info gathering for X509 objs, added PKI_X509_KEYPAIR_get_curve()
to get curve related to an EC key, added possibility to load any type of X509 objects
by using PKI_X509_get() with PKI_DATATYPE_ANY as a type, fixed an error when
setting the signature algorithm in PKI_X509_CERT_new(), enhanced support for ECDSA
key management.
Download the new version for your system in the
LibPKI download pages.

LibPKI v0.6.4 (Broadway)

by #madwolf @ 15.02.2011

The new version (v0.6.4/Broadway) of LibPKI is available. Major changes
over v0.6.3 are: fixed HTTP code (memory allocation error), enhanced
command-line tool for CRL manipulation (pki-crl).
Download the new version for your system in the
LibPKI download pages.

OCSPD v2.1.0 (Ellie)

by madwolf @ 11.02.2011

A new version of the OCSPD responder is available for
download. Major improvements over the last publicly available version are:
Updated default configuration files (default passin set to none), enhanced
support for ECDSA support, updated thread management with builtin support
from LibPKI 0.6.3, fixed start/stop script, fixed a memory error in config.c
causing segfault on CRL reload, deleted extra two bytes sent out after the
DER encoding of the response is written (that was causing Firefox/Thunderbird
not to validate the answer), fixed an error in return code check for
PKI_NET_listen, fixed error in config parsing when no bind address was provided.

LibPKI v0.6.3 (Viper)

by #madwolf @ 10.02.2011

The new version (Viper/v0.6.3) of LibPKI is available. Major changes
over v0.6.1 are: extended support for ECDSA (via profile/keyParams in
profile configuration files), fixed linker issues on Solaris, added
pki-cert command line tool, fixed ocsp library code. Download the new
version for your system in the
LibPKI download pages.

DemoCA Online Again

by madwolf @ 12.12.2010

The demo online CA
is back online due to great demand from people
interested in the OpenCA PKI software.
We will try to keep it online as much as possible, please be warned,
though, that it is just a
DEMO service and no liability is implied.

Current version of the Online CA is v1.1.1.

OCSPD Firefox Fix

by madwolf @ 19.11.2010

Due to a bug in Firefox (memory management), you need to have the OCSPD
to be compiled against the LibPKI v0.6.1+. Please download the source code
and re-compile the daemon once you updated the crypto library.

OCSPD 2.0.0

by madwolf @ 17.11.2010

A new version of the OCSPD responder is
available for
download. Major improvements over the last publicly available version
(mostly coming from supporting for LibPKI v0.6.0) are: extensive support for
hardware devices (PKCS#11 and OpenSSL Engine), multiple keypair and certificate
support for response signatures, POST and GET support, IPv6 support.

LibPKI v0.6.0 (Turkey)

by #madwolf @ 17.11.2010

The new version (Turkey/v0.6.0) of LibPKI is available. Major changes
over v0.5.1 are: support for IPv6 in network calls, fixes for URL
parsing and PKI_SSL_* interface enhancements. Get the new version
for your system in the
LibPKI download pages.

LibPKI v0.5.1 (Zoiberg)

by #madwolf @ 02.09.2010

The new version (Zoiberg/v0.5.1) of LibPKI is available. Major changes
over v0.5.0 are: better support for OS independent Thread Management
together with thread synchronization primitives (mutexes, condition
variables, and r/w locks, LDAP interface fixes. Get the new version
for your system in the
LibPKI download pages.

Yum Repositories

28.08.2010 #madwolf

Yum repositories for OpenCA projects have been created. If your
system supports Yum (and RPMs) you can use the provided links to
install the repository configuration on your system.

LibPKI v0.5.0

27.08.2010 #madwolf

The new version (lulu/v0.5.0) of LibPKI
is available for download.
Many changes to the library and bug fixing over the old version.
In particular: added support for different OSes (initial support
for Win port), added PKI_SSL and support for easy SSL/TLS management,
added support for Win LDAP API, added support for 64bit architectures,
added safe URL encoding for HTTP GET protocol, added platform-independed
thread management.

New Website Layout

26.08.2010 #madwolf

The OpenCA Website has undergone a complete makeover to address incompatibities
with some web browsers (IE) and to provide a cleaner interface for users.
Please let us know if you like it here.

Webserver fixed

06.01.2010 #madwolf

The problems with the OpenCA's servers have been fixed.
Please let us know if you still experience any major inconvenience when
using OpenCA services.